diff --git a/.github/workflows/pipelines.yml b/.github/workflows/pipelines.yml
index 5eb32b1..1f7ce31 100644
--- a/.github/workflows/pipelines.yml
+++ b/.github/workflows/pipelines.yml
@@ -3,10 +3,19 @@ on:
 pull_request:
 branches: [main]
 paths-ignore:
- - .codecov
- - .docfx
- - .github
- - .nuget
+ - .codecov/**
+ - .docfx/**
+ - .github/**
+ - .nuget/**
+ - '**.md'
+ push:
+ branches: [main]
+ paths-ignore:
+ - .codecov/**
+ - .docfx/**
+ - .github/**
+ - .nuget/**
+ - '**.md'
 workflow_dispatch:
 inputs:
 configuration:
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000..bf9d97c
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,42 @@
+name: Scorecard supply-chain security
+on:
+ branch_protection_rule:
+ schedule:
+ - cron: '45 17 * * 2'
+ push:
+ branches: [ "main" ]
+
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ id-token: write
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@v2
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@4
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: results.sarif
diff --git a/README.md b/README.md
index c4a03d1..f1578d2 100644
--- a/README.md
+++ b/README.md
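Review bot: The new `push` trigger copies the `pull_request` ignore list verbatim, so a change that touches only `.github/**` — including this workflow file itself — runs the pipeline neither on a PR nor on a push to `main`, leaving edits to the CI definition unexercised until some unrelated code change happens to trigger it; consider dropping `.github/**` from both lists, or narrowing it to non-workflow paths such as `.github/ISSUE_TEMPLATE/**`. If this workflow is configured as a required status check, a PR that changes only ignored paths such as `**.md` will presumably sit with the check "expected" and never reported, which blocks merging unless a skip job or an adjusted branch rule is in place — worth confirming against the repository's protection settings. For consistency with `'**.md'`, quoting the other globs as well (`- '.codecov/**'`) keeps the list safe if a future entry starts with a YAML indicator. The `on:` mapping continues past the hunk (the `workflow_dispatch` inputs are cut off).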
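Review bot: `uses: actions/upload-artifact@4` in the "Upload artifact" step does not follow the `vN` tag form used by the other three steps and very likely will not resolve, failing the job before the SARIF is stored; it should read `uses: actions/upload-artifact@v4`. Every `uses:` in this job is a mutable tag, which Scorecard's own Pinned-Dependencies check will flag on this very repository; the upstream Scorecard template pins each action to its full 40-character commit SHA and keeps the version in a trailing comment (e.g. `uses: actions/checkout@<commit-sha> # v4`), and `ossf/scorecard-action`, `actions/upload-artifact` and `github/codeql-action/upload-sarif` deserve the same treatment. The job-level `permissions` block replaces the workflow-level `read-all` for this job, so a comment on it should record that `security-events: write` is for the code-scanning upload, `id-token: write` is for `publish_results: true`, and `contents: read`/`actions: read` must be added if the repository is ever made private.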
@@ -2,7 +2,7 @@ # Extensions for xUnit API by Codebelt
-[![xUnit Ext. CI/CD Pipeline](https://github.com/codebeltnet/xunit/actions/workflows/pipelines.yml/badge.svg)](https://github.com/codebeltnet/xunit/actions/workflows/pipelines.yml) [![codecov](https://codecov.io/gh/codebeltnet/xunit/graph/badge.svg?token=BN2UhFM3bb)](https://codecov.io/gh/codebeltnet/xunit) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=alert_status)](https://sonarcloud.io/dashboard?id=xunit) [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=xunit) [![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=xunit) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=security_rating)](https://sonarcloud.io/dashboard?id=xunit)
+[![xUnit Ext. CI/CD Pipeline](https://github.com/codebeltnet/xunit/actions/workflows/pipelines.yml/badge.svg)](https://github.com/codebeltnet/xunit/actions/workflows/pipelines.yml) [![codecov](https://codecov.io/gh/codebeltnet/xunit/graph/badge.svg?token=BN2UhFM3bb)](https://codecov.io/gh/codebeltnet/xunit) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=alert_status)](https://sonarcloud.io/dashboard?id=xunit) [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=xunit) [![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=xunit) [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=xunit&metric=security_rating)](https://sonarcloud.io/dashboard?id=xunit) [![OpenSSF 
Scorecard](https://api.scorecard.dev/projects/github.com/codebeltnet/xunit/badge)](https://scorecard.dev/viewer/?uri=github.com/codebeltnet/xunit) An open-source project (MIT license) that targets and complements the [xUnit.net](https://xunit.net/) test platform. It provides a uniform and convenient way of doing unit test for all project types in .NET.